xloader

General

Target

OR71042P.exe
Size

259KB
Sample

210824-djj6q84gwe
MD5

3938c79cdaba4ed8ce678b0e80856648
SHA1

8cc115a4017d767b63d015551a265dc3419cf974
SHA256

c5e2e6ca1132790699601f8a322bf098ecfc4001063a94ba0fb1861e73748fd7
SHA512

047caf03cd00fb97fedbc517aec3de04df7decb12b0400dd34f5957a54cb6be9be00a3d750952b0750b2282dd06b854286638e834b87befa1d67168b248c4118

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

p086

C2

http://www.riscology.com/p086/

Decoy

jinshichain.com

worldpettraveler.com

hightecforpc.com

kj97fm.com

streetnewstv.com

webrew.club

wheretogodubai.com

apostapolitica.net

thecafy.com

vinelosangeles.com

gashinc.com

gutitout.net

bvd-invest.com

realtoroutdesk.com

lawnbowlstournaments.net

nobodyisillegal.com

abogadoorihuela.net

sanistela.com

jksecurityworld.com

peppermintproject.com

Targets

- Target
  
  OR71042P.exe
- Size
  
  259KB
- MD5
  
  3938c79cdaba4ed8ce678b0e80856648
- SHA1
  
  8cc115a4017d767b63d015551a265dc3419cf974
- SHA256
  
  c5e2e6ca1132790699601f8a322bf098ecfc4001063a94ba0fb1861e73748fd7
- SHA512
  
  047caf03cd00fb97fedbc517aec3de04df7decb12b0400dd34f5957a54cb6be9be00a3d750952b0750b2282dd06b854286638e834b87befa1d67168b248c4118
Score

10^/10

xloader p086 loader rat suricata
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2